Why is Primary Response better than competitive products that also claim behavior-based intrusion prevention?
Security products such as McAfee Entercept and Cisco Security Agent use knowledge-based policies (rules and/or signatures) to predefine what an application can and cannot do, and what constitutes an attack. These companies claim that rules and signatures can adequately model normal and anomalous application behavior. While a rules-based approach can be effective in firewalls and other network-focused security products, Sana believes that this approach is fundamentally flawed when it comes to application security. Application behavior is significantly more complex and cannot be accurately defined with a set of rules and signatures. Because rules and signatures are not granular enough to correctly define normal and anomalous application behavior, they force administrators to choose between an effective security policy and a low number of false alarms. Locking down an application with too many rules will prevent it from meeting its core business objectives and will make it more difficult
Related Questions
- I already have a firewall and a Network Intrusion Detection system (NIDS) at my perimeter. Do I still need Primary Response to protect my server-based applications?
- Are we creating community-based options for primary, secondary and tertiary prevention directed at the perpetration of battering?
- Why is Primary Response better than competitive products that also claim behavior-based intrusion prevention?
